SlowMist:A brief analysis of the story of the Sushi Swap attack

Background

The role of the Sushi Maker contract in the Sushi Swap project is to store the handling fee for each transaction pair in Sushi Swap. The handling fee will be stored in the contract in the form of SLP (Proof of Liquidity). There is a convert function in the Sushi Maker contract, which is used to obtain the corresponding tokens by calling the burn function of each trading pair from the fees collected from each trading pair, and then convert these tokens into sushi tokens and add them to Sushi In the Bar contract, the user who pledges sushi tokens in the Sushi Bar increases revenue, and the problem this time lies in the Sushi Maker contract.

Attack analysis

1. The attacker selects a trading pair in Sushi Swap, such as USDT/WETH, and then adds liquidity to obtain the corresponding SLP (USDT/WETH Liquidity Proof, hereinafter referred to as SLP), and uses the obtained SLP and another small amount of WETH to create one The new Sushi Swap trading pair will then get the SLP1 (WETH/SLP(USDT/WETH) liquidity certificate, hereinafter referred to as SLP1) of the new token pool and transfer it to the Sushi Maker contract.

Summary

The attacker uses SLP and WETH to create a new token pool, uses the SLP1 of the new token pool to convert in Sushi Maker, and uses a small amount of SLP to transfer all SLPs in the Sushi Maker contract to the token pool created by himself. All the handling fees of the corresponding transaction pair within a period of time will be collected into the bag. Repeat this process for other trading pairs and continue to make profits.

About us

SlowMist Technology is a company focused on blockchain ecological security. It was founded in January 2018 and is headquartered in Xiamen. It was founded by a team with more than ten years of front-line network security attack-defense experiences, and the team members have created the security project with world-class influence. SlowMist Technology is already a top international blockchain security company, served many global well-known projects mainly through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions,” including: cryptocurrency exchanges (such as Huobi, OKEx, Binance, etc.), cryptocurrency wallets (such as imToken, RenrenBit, MYKEY, etc.), smart contracts (such as TrueUSD, HUSD, OKUSD, etc.), DeFi projects (such as : JUST, BlackHoleSwap, DeFiBox, etc.), the underlying public chain (such as EOS, OKChain, PlatON, etc.), there are nearly a thousand commercial customers, customers distributed in more than a dozen major countries and regions.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store